Google Chrome doesn’t secure stored passwords

Search for:

Google Chrome doesn’t secure stored passwords

Stay Smart Online (SSO) has issued an urgent warning to Google Chrome users who save their passwords to their browser. Passwords are not secured properly – allowing other users to be able to view all saved passwords! We look at the vulnerabilities for this method on any browser, and look at what other methods of password retrieval computer users can to adopt to protect their important personal information and ultimately – their credit file.

By Graham Doessel, Founder and CEO of MyCRA Credit Rating Repair and www.fixmybadcredit.com.au.

Chrome will typically prompt you to save your password for a site that you visit, and remember this for future logins. While other browsers offer the option of a “master password” that can be activated to protect your passwords, Chrome does not.

On any Google Chrome browser, you can type chrome://settings/passwords into the URL bar. This will display a page listing all of the passwords held by that browser—for all users of that computer.

This is particularly concerning for shared computers. You should never save your passwords when using shared computers, such as public computers at a library or airport.

Do not rely on your browser to safely store passwords for you if someone else has physical access to that machine.

Only allow people you trust to access to your computer, especially if that computer contains confidential information.

Online expert Daniel Smith says saving passwords on your browser is something you should never do.

“It may be a convenient way to store the many passwords you might have for different accounts, but if it’s convenient for you, it can be convenient for anyone looking to steal them as well,” he says.

Daniel recommends people wanting to remember difficult passwords should use a secure and trusted third-party tool to protect and manage their passwords rather than save them to their browser.

“Sites such as Passpack.com or Lastpass could be good secure options for password management. One thing to note is that passpack has never been hacked. Another thing to note is that all browsers not just chrome do this,” Daniel says.

Daniel’s Key Tips To Protect Your Password

1. Use secure passwords. Come up with a unique password scheme – for example every 3rd vowel is a number or symbol. Or you could use two unrelated words which are memorable to you, and use tools like the Shift key to create a password that can’t be easily deciphered.

2. Use a different password for each account. It may be harder to remember, but it may just take a little bit of work to make your passwords unique and also easy to remember.

3. Use a unique username – not the default setting. Don’t use ‘admin’ as a username. You should use a username with at least 8 characters and include characters you have to press Shift for.

4. Minimise password login attempts. For sites you have control over access to – restrict the number of attempts allowed to access the site, before the user is ‘locked out’, which prevents multiple attempts to crack the password.

5. Include a 2-step verification plug-in. You can download a plug-in which requires 2-step authentification similar to bank requirements when logging in to the site. These are harder to infiltrate by hackers, but Daniel says many don’t use them because they are inconvenient.

6. Never store passwords in your browser. Take time to make passwords unique yet easy to remember or use a secure third-party password manager if necessary.

Personal Information Security and Your Credit File

Stealing passwords or personal information through these channels can lead to identity theft and potentially fraud. Hackers can on-sell your personal information to fraudsters who have identity theft as part of their repertoire.

Information like passwords, dates of birth, account numbers, full names etc can be warehoused and used to steal your identity and take credit out in your name. Fraudsters have been known to go so far as to take out personal loans, credit cards and even mortgage homes in their victim’s name.

Fraudsters are never so kind as to pay this credit back – which leads to defaults on your credit rating. Most victims are unaware of this until they apply for credit in their own right and are flat out refused.

For between 5 and 7 years you can be locked out of credit while your credit rating shows up someone else’s defaults.

Unfortunately in the past it has not been easy for identity theft victims to prove they did not initiate the credit, particularly if they have no idea how they were duped in the first place. Often this sophisticated type of fraud is instigated by overseas crime syndicates who don’t leave much of a trail, or even if they do, can’t be prosecuted easily.

Prevention really is key to protecting your credit file from this fraud – so spend some time and make sure your passwords are as secure as possible as a first line of defence against identity theft.

Black Friday and Cyber Monday are among the biggest shopping events of the year. But they also present some of the greatest opportunities for potential thieves and scammers. Before tapping in your credit card details to grab an online bargain, check these tips for protecting your personal information, and don’t fall for a deal that’s […]

The Office of the Australian Information Commissioner (OAIC) has received 242 notifications under the Notifiable Data Breaches (NDB) scheme in the period 1 April to 30 June 2018, according to the second quarterly statistical report on data breach notifications received under the scheme, released today. This is the first full quarter of operation of the […]

On 10 August 2018, the Minister for Health announced that the opt-out period would be extended until 15 November 2018. On 14 November 2018, the Minister for Health announced that the opt-out period would be further extended until 31 January 2019. This news item has been amended to reflect that. From today until 31 January […]

The Australian Government Agencies Privacy Code (the Code) came into effect on 1 July 2018, requiring Australian Government Agencies to move to a best practice approach to privacy governance across the APS, with the ongoing support of the Office of the Australian Information Commissioner (OAIC).

The 2018 Information Publication Scheme (IPS) Survey of Australian Government agencies that are subject to the Freedom of Information Act 1982 (Cth) has commenced. If you have any questions or require further information about the IPS Survey, please contact Mabel Dela Cruz of ORIMA Research on (02) 6109 6300 or surveys@orima.com or OAIC contact officer […]